Improving Network Quality

I am running a wireless n router, model DIR 615. WiFi certified on a 1024
up/dn backbone. There is no login server just the Dlink router. I have
individuals running several programs on their computers. I would like to
control internet/ network access during daytime hours. I want to block chat
programs, downloading on certain ports, etc. in order to provide a better
quality network during the day.

I have individuals complaining of minutes to open a webpage and days to
download an 8Mb email. I must add, I don't see the same problems they're
having. Can anyone shed some light on past/current experience?


Hello,
I am not familiar with the Router you mention but you may be able to
control ports. If not you could install a Router with these features.
At times I have noticed that it is not the speed of the network but the
speed of their

Max MTU 'should' be set at 1500, unless there is an overriding reason for
reducing it. A review of logs, with an eye for failures should be the first
step to reducing MTU value. See the below link for a quick tutorial on the
reasons.

You'll note that there are some documented, creative uses of Ping, although
seldom recommended, which can assist you in diagnosing your TCPIP
transmission rates. This can assist in finding the optimum MTU for most
networks. Anything less than 1472 - 1500 should be a reason to trigger a
detailed review of network components with an eye toward isolating
bottlenecks or marginal components, connections.
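
The ping-based MTU check described in the post above, written out as an added example that is not part of the original thread. It assumes Linux iputils `ping` (`-M do` sets Don't Fragment; the Windows equivalent is `ping -f -l <size>`); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: find the largest ICMP payload that crosses a path unfragmented.

# probe SIZE HOST -> exit 0 if one ping with SIZE payload bytes and DF set is answered.
# Assumes Linux iputils ping; replace this function on other platforms.
probe() {
    ping -M do -c 1 -W 2 -s "$1" "$2" >/dev/null 2>&1
}

# find_max_payload HOST [LOW] [HIGH]
# Binary search between LOW and HIGH payload bytes; prints the largest size
# that still gets a reply, or returns 1 if even LOW gets no reply.
find_max_payload() {
    host=$1 lo=${2:-0} hi=${3:-1472}
    probe "$lo" "$host" || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe "$mid" "$host"; then lo=$mid; else hi=$(( mid - 1 )); fi
    done
    echo "$lo"
}

# ICMP payload + 20-byte IPv4 header + 8-byte ICMP header = MTU (1472 + 28 = 1500)
payload_to_mtu() { echo $(( $1 + 28 )); }

report() {
    payload=$(find_max_payload "$1") || { echo "no reply from $1"; return 1; }
    mtu=$(payload_to_mtu "$payload")
    echo "largest unfragmented payload: $payload bytes (path MTU $mtu)"
    # Per the post: a result below 1472/1500 calls for a review of the path.
    [ "$mtu" -ge 1500 ] || echo "below 1500: review links and devices on the path"
}

# Run as: sh mtu_probe.sh <gateway-or-remote-host>
if [ $# -gt 0 ]; then report "$1"; fi
```

Run it first against the local gateway and then against a host beyond the ISP link; a difference between the two results shows on which side of the router the smaller MTU sits.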

I don't disagree. However, my suggestion stands - changing MTU 'should' be
preceded by evaluation of the local network for cause. Finding and fixing the
bottleneck, in my opinion, should be attempted before masking the problem by
adjusting network throughput downward. There are numerous reports, tools and
utilities, native to OS (Microsoft and X-nix) which may help discover and
identify where problems are occurring. At that point, the SA can make an
informed decision, cost/benefit, of what the next steps should be.

I may have missed where you or some other respondent had recommended
diagnostic steps that might be taken before putting on a bandage, if so,
please accept my apology for resurrecting the process and suggestion.

How many nodes share the LAN? All of them share the same router, the same
connection to Internet? The router has responsibility for network access;
and what else, DHCP, DNS?

Realizing that I am making a number of assumptions, it would help get a
handle on the problem if you supply confirmation on the above points.

Connectivity is not the same as access. It is very likely that your network
is overloaded. In an earlier message I commented on diagnosing the reasons
behind your obvious network symptoms. What would concern me is you are
evaluating the symptom, not getting a good handle on the possible causes
first. Collisions, fragmentation, slow response, interrupted throughput all
seem more related to overuse of a limited resource.

Since most internet access comes through HTTP, port blocking may not be as
effective as you would think. There are limits to what you can accomplish
without increasing system resources. Sounds like you are running a
peer-to-peer network with a single gateway to the internet, which is also
responsible for accessing/servicing your "workgroup"?

"... There is no login server just the Dlink router. I have individuals
running several programs on their computers. I would like to control
internet/ network access during daytime hours. I want to block chat
programs, downloading on certain ports, etc. in order to provide a better
quality network during the day. ..."

Hi timpsonc,
You may want to look at an application layer firewall. There are many choices. Take a look at Untangle http://www.untangle.com/. This is a free firewall that can run on older hardware and provides the application control you need. The protocol control in Untangle provides the ability to block/log traffic based on the application rather than just the port.

There are roughly 35 systems, including printers, on the network at one given
time. Yes, all share the same Dlink router and the same connection to the
internet. The "Dlink" sits behind an iDirect modem from the ISP. The Dlink
provides DHCP, DNS is provided by the ISP. We have 1024 up/dn, dedicated
service. I am aware this should be more than sufficient for the number of
systems we're running.

Our current network design is as follows → CISCO switches (5) connecting to
the Dlink (DIR-615) → iDirect modem shooting to the ISP.

The best way I know of to control a network of that size is with a business class firewall solution. Cisco, Juniper, Watchguard all come to mind. IPolicy is also an option. None of these are "cheap" but the availability of the filtering you want to accomplish and max throughput for an office full of users will make the cost worth it.
The DIR-615, while capable of handling the max throughput your internet connection can provide (in theory), isn't really designed to handle 35 users (if I remember correctly). Consider for example, that every request processed by the router requires a dynamic translation entry be made. At three or four users that's a lot, at 30 concurrent users, it will cause slowness or lockup.

All the above posts are very helpful; I would definitely consider their suggestions. You said you were using a wireless n router. Routers are none for much speed but you can use it to block ports and control internet content and access duration. Research using a proxy server for this as well. As for speed, buy a 10/100mb switch; Dlink and CISCO have some really good quality switch devices. Make sure there are no resource hungry applications running in the background of the user's PC. If you can, upgrade system memory.

Fellow Sys & Net Admin gurus, I am calling on the experts for your
expertise. Aside from myself, I am having various issues within our
SOHO. I have attempted to combat most. We all know, if it is not one thing,
it's another.

Background, I am one person deep, running a SOHO of about 50 systems,
including printers. I have a 1024 up/dn dedicated link back to Germany. The
network consists of company personnel, personal computers and local national
computers. Away from the personal computer. We're running WinXP Pro, AV
software and malware bytes.

The first area I would like to tackle, bandwidth usage. During the hours of
1700 - 0800 there may be 20 users on the network. Our ISP claims, "We're
peaked 24 hours a day." There may be some peer-to-peer activity, or someone
is downloading throughout the night, this I understand.

Question, what software (would one recommend) to locate and disable
peer-to-peer activity?

There are plenty of questions, answers, just looking for the best course of
action. Thank you for your time, effort, suggestions and advice.

Download Network Monitor 3.0. This app surveils what is being
transmitted through any network it is set to monitor and gives detailed
information of what is active on the network, what type of data is being
transmitted, where it is coming from, speed of the transmission and how much
bandwidth it's consuming.

Take an old system and install Untangle http://www.untangle.com/ firewall between your DLink and the switch connected to that Dlink. Set up the Untangle firewall as transparent.
(you should have only 1 switch directly connected to that router btw)
The only service you need running right now on the Untangle firewall is 'Protocol Control'.
This will allow you to log all application traffic and determine what type of traffic is slowing you down and where it is coming from.
Once you have the problem identified, the same protocol control will allow you to block the traffic.

As you know there are several ways to attack this issue.
Through network monitoring you can determine which switch ports are using the most bandwidth. Cacti, SolarWinds, MRTG to name a few.
If you're looking only at bandwidth you can't tell exactly what the user is doing.
Procera, NetEnforcer, SonicWall, etc., make products that are layer seven aware and can limit or block applications by protocol or port. This is where the Peer-to-Peer blocking comes into play.
Currently we use a Procera PacketLogic box that allows us to set limits on P2P traffic by application or user.
Given current usage, the amount of bandwidth you have is very limiting for 20 + users.
Good Luck,
Colin
